[Secure-testing-commits] r1259 - data/CAN

Moritz Muehlenhoff jmm-guest@costa.debian.org
Thu, 23 Jun 2005 00:14:44 +0000


Author: jmm-guest
Date: 2005-06-23 00:14:41 +0000 (Thu, 23 Jun 2005)
New Revision: 1259

Modified:
   data/CAN/list
Log:
canified ruby, trac and sudo
yaws already fixed


Modified: data/CAN/list
===================================================================
--- data/CAN/list	2005-06-23 00:08:26 UTC (rev 1258)
+++ data/CAN/list	2005-06-23 00:14:41 UTC (rev 1259)
@@ -59,54 +59,52 @@
 	NOTE: reserved
 CAN-2005-2015
 	NOTE: reserved
-begin claimed by jmm
 CAN-2005-2014 (The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote ...)
-	TODO: check
+	NOTE: not-for-us (paFAQ)
 CAN-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOTE: not-for-us (paFAQ)
 CAN-2005-2012 (Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 ...)
-	TODO: check
+	NOTE: not-for-us (paFAQ)
 CAN-2005-2011 (Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta ...)
-	TODO: check
+	NOTE: not-for-us (paFAQ)
 CAN-2005-2010 (Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog ...)
-	TODO: check
+	NOTE: not-for-us (Ublog Reload)
 CAN-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow ...)
-	TODO: check
+	NOTE: not-for-us (Ublog Reload)
 CAN-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...)
-	TODO: check
+        - yaws 1.56-1
 CAN-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier ...)
-	TODO: check
+	- trac 0.8.4-1
 CAN-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain ...)
-	TODO: check
+	NOTE: not-for-us (JBOSS)
 CAN-2005-2005 (Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat ...)
-	TODO: check
+	NOTE: not-for-us (Ultimate PHP Board)
 CAN-2005-2004 (Multiple cross-site scripting vulnerabilities in Ultimate PHP Board ...)
-	TODO: check
+	NOTE: not-for-us (Ultimate PHP Board)
 CAN-2005-2003 (Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain ...)
-	TODO: check
+	NOTE: not-for-us (Ultimate PHP Board)
 CAN-2005-2002 (SQL injection vulnerability in content.php in Mambo 4.5.2.2 and ...)
-	TODO: check
+	NOTE: not-for-us (Mambo)
 CAN-2005-2001 (Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and ...)
-	TODO: check
+	NOTE: not-for-us (paFileDB)
 CAN-2005-2000 (Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier ...)
-	TODO: check
+	NOTE: not-for-us (paFileDB)
 CAN-2005-1999 (Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in ...)
-	TODO: check
+	NOTE: not-for-us (paFileDB)
 CAN-2005-1998 (Directory traversal vulnerability in admin.php in McGallery 1.1 allows ...)
-	TODO: check
+	NOTE: not-for-us (McGallery)
 CAN-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to ...)
-	TODO: check
+	NOTE: not-for-us (McGallery)
 CAN-2005-1996 (PHP remote code injection vulnerability in start.php in Bitrix Site ...)
-	TODO: check
+	NOTE: not-for-us (Bitrix Site Manager)
 CAN-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive ...)
-	TODO: check
+	NOTE: not-for-us (Bitrix Site Manager)
 CAN-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download ...)
-	TODO: check
+	NOTE: not-for-us (Finjan SurfinGate)
 CAN-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...)
-	TODO: check
+	- sudo (unfixed; bug #315115; medium)
 CAN-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...)
-	TODO: check
-end claimed by jmm
+	- ruby1.8 (unfixed; bug #315064; medium)
 CAN-2005-1991
 	NOTE: reserved
 CAN-2005-1990
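Review bot: The new yaws line (`+        - yaws 1.56-1`) is indented with spaces, while every other entry in this hunk, including the trac, sudo and ruby lines added alongside it, is indented with a tab; suggest changing it to `	- yaws 1.56-1` so anything that parses the list by leading tab treats it the same way as its neighbours. The sudo and ruby entries carry both a bug number and a severity, which matches the convention used for unfixed issues elsewhere in the file, so those look consistent.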
@@ -427,12 +425,6 @@
         - snort 1.6.1-1
 CAN-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...)
 	NOTE: not-for-us (Xitami)
-CAN-2005-XXXX [File upload vulnerability in trac]
-	- trac 0.8.4-1
-CAN-2005-XXXX [Race condition in sudo's pathname validation]
-	- sudo (unfixed; bug #315115; medium)
-CAN-2005-XXXX [Arbitrary command execution in Ruby's XMLRPC code]
-	- ruby1.8 (unfixed; bug #315064; medium)
 CAN-2005-XXXX [Tor: Information leak through insufficient length verification of relay calls]
 	- tor 0.0.9.10-1 (medium)
 CAN-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...)
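Review bot: The removed placeholder `-CAN-2005-XXXX [File upload vulnerability in trac]` describes the trac issue differently from the CAN-2005-2007 entry it is being folded into ("Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier"); worth a quick confirmation that the two refer to the same issue before the placeholder is dropped, since the version (`trac 0.8.4-1`) is the only link between them. The sudo and ruby placeholders carry the same bug numbers (#315115, #315064) and severities as the new CAN-2005-1993 and CAN-2005-1992 entries, so no tracking information is lost there.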